
Hackers plotted fake Flappy Bird app to steal girls’ photos from Android phones

Next time you install an app on your phone, you’d best think twice if it asks permission to access your photos.

As The Guardian reports, following a tweet from security researcher Nik Cubrilovic, the very same hackers who merrily collected naked photos of more than 100 female celebrities, including Oscar-winning actress Jennifer Lawrence, had plotted a variety of dirty tricks to increase their haul.

At least one hacker openly posted on the AnonIB image board, proposing what he called a “genious” idea:

I have developed a flappybird clone. Hear me out. I.. modded.. the app.

It now secretly downloads all of the phones pictures to my server when the game is running.

Such a scheme, if put into operation, would not just be a risk for celebrities of course. Anybody who had photographs on their smartphone which they wanted to remain private would be at risk if they installed the app.

The only good news is that the hacker posting on AnonIB’s sleazy image-sharing board doesn’t want to risk his developer account.

The problem is this – it’s a violation of google play developers license to do publish sneaky apps like that, and I REFUSE to risk my license over it.

HOWEVER, I am willing to make a second developer account with the purpose of getting wins from this game. The fee is 20$ for a developer license.

If any kind anons want to help me get the thing paid for, I will post any wins obtained in this thread. (I will link the app’s store entry here. you get the girls to download it and play ONCE, and you’ll get all the win you wanted, if it was there.

What a charming fellow… I’m sure his mother is proud of him.

The real Flappy Bird game, written by Dong Nguyen, has been one of the most popular apps of the year, its addictive, tough gameplay and retro graphics managing to both frustrate and charm in equal measure. Scores of copycat rip-offs of the game exist in the Android Google Play store, and although it’s not known if the hacker’s plan was ever put into action, it’s certainly plausible that it would work.

The problem is, of course, firstly that Google doesn’t police its app store anything like as strongly as Apple, and secondly that users are all too willing to grant permission to their Android apps to access all manner of parts of their smartphone without questioning if it’s appropriate for a game to, say, send SMS messages or (in this scenario) access your photographs.

Don’t forget, always be careful about what apps you put on your mobile phone, and take special care over the permissions that they request. If you don’t want to grant an app access, don’t install it.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
